Text 11. Types of Viruses

Some viruses do little but replicate, while others can cause severe harm or adversely affect the program and performance of the system. A virus should never be assumed harmless and left on a system. There are different types of viruses which can be classified according to their origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system, or platform they attack. Let us have a look at few of them.

· Memory Resident Virus (резидентный вирус). These viruses fix themselves in the computer memory and get activated whenever the OS runs and infects all the files that are then opened. It gets control over the system memory. It can corrupt files and programs that are opened, closed, copied, renamed, etc. To protect your computer install an antivirus program.

· Direct Action Viruses (вирусы прямого действия). The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that are specified in the AUTOEXEC.BAT file path. Basically, it is a file-infecter virus. Examples: Vienna virus.

· Boot Sector Virus (загрузочные вирусы). This type of virus affects the boot sector of a hard disk. This is a crucial part of the disk, in which information of the disk itself is stored along with a program that makes it possible to boot (start) the computer from the disk. This type of virus is also called Master Boot Sector Virus or Master Boot Record Virus. It hides in the memory until DOS accesses the floppy disk, and whichever boot data is accessed, the virus infects it. The best way of avoiding boot sector viruses is to ensure that floppy disks are write-protected. Also, never start your computer with an unknown floppy disk in the disk drive.

· Macro Virus (макровирусы). Macro viruses infect files that are created using certain applications or programs that contain macros, like.doc,.xls,.pps,.mdb, etc. The viruses automatically infect the file that contains macros, and also infects the templates and documents that the file contains. It is referred to as a type of e-mail virus. They hide in documents that are shared via e-mail or networks. The best protection technique is to avoid opening e-mails from unknown senders. Also, disabling macros can help to protect your useful data.

· Directory Virus (файловые вирусы). Directory viruses (also called Cluster Virus/File System Virus) infect the directory of your computer by changing the path that indicates the location of a file. When you execute a program file with an extension.EXE or.COM that has been infected by a virus, you are unknowingly running the virus program, while the original file and program is previously moved by the virus. Once infected, it becomes impossible to locate the original files. It is usually located in only one location of the disk, but infects the entire program in the directory. All you can do is to reinstall all the files from the backup that are infected after formatting the disk.

· Polymorphic Virus (полиморфные вирусы). Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. This makes it impossible for antivirus software to find them using signature searches (because they are different in each encryption). The virus then goes on to create a large number of copies. Install a high-end antivirus as the normal ones are incapable of detecting this type of virus.

· Companion Viruses (вирусы-спутники). Companion viruses can be considered as a type of file infector virus, like resident or direct action types. They are known as companion viruses because once they get into the system they ’accompany’ the other files that already exist. In other words, to carry out their infection routines, companion viruses can wait in memory until a program is run (resident virus), or act immediately by making copies of themselves (direct action virus). These generally use the same filename and create a different extension of it. For example: If there is a file “Me.exe”, the virus creates another file named “Me.com” and hides in the new file. When the system calls the filename “Me”, the “.com” file gets executed, thus infecting the system. Install an antivirus scanner and also download Firewall.

· FAT Virus (FAT вирусы). The file allocation table (FAT) is the part of a disk used to store all the information about the location of files, available space, unusable space, etc. FAT virus attacks the FAT section and may damage crucial information. It can be especially dangerous as it prevents access to certain sections of the disk where important files are stored. Damage caused can result in loss of information from individual files or even entire directories. Before the virus attacks all the files on the computer, locate all the files that are actually needed on the hard drive, and then delete the ones that are not needed. They may be files created by viruses.

· Worms (вирусы-репликторы). A worm is a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system. But they can be detected and eliminated by an antivirus software. These generally spread through e-mails and networks. They do not infect files or damage them, but they replicate so fast that the entire network may collapse. Install an updated version of antivirus.

· Trojans. Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses, do not reproduce by infecting other files, nor do they self-replicate like worms. In fact, it is a program which disguises itself as a useful program or application.